@dyba
Created January 27, 2012 16:18
Cisco ASA Firewall Rule Deletion Generator via RedSeal Device Cleanup Analysis Results
#
# PURPOSE:
# The purpose of this script is to generate a list of commands to delete unused access rules from a
# Cisco PIX or ASA firewall. This script is appropriate if you use the RedSeal application:
# http://www.redsealnetworks.com. Currently the results are printed to the screen only.
#
# INSTRUCTIONS:
# When you want to clean up unused rules on a firewall, use the RedSeal application to run a cleanup:
# Tools > Manage Device Cleanup (Alt+T, C). When finished, export the results as a CSV file. Don't
# forget to include the .CSV extension. Run this script and type the name of the file with the
# extension. You will get a list of commands that you can copy and paste into the firewall to delete
# unused rules on a Cisco ASA/PIX firewall.
#
# DISCLAIMER:
# I do not guarantee that this script will work in its entirety. Please read the code to make sure it
# achieves what you have in mind.
#
# TODO:
# - Print results to a file
# X Print results with decreasing line numbers. A copy-and-paste approach to a PIX or ASA firewall
# requires that higher line numbers are entered first
#
puts "Type the name of the file with extension:"
filename = gets.chomp   # chomp (not chomp!) so an input without a trailing newline does not yield nil

File.open(filename) do |f|
  all_rules = []
  # Keep only rows whose hit counters are zero (tab-separated "0\t0" in the RedSeal export).
  f.readlines.reject { |line| line.match(/\t0\t0/).nil? }.each do |line|
    # First column holds "(config:N) access-list NAME permit|deny ...".
    description = line.split("\t").first.strip
    line_num = description.match(/\(config:(\d+)\)/)[1]
    # Drop the "(config:N)" prefix and insert "line N" before permit/deny (sub, so it is inserted once).
    rule = description.gsub(/\(config:\d+\)\s/, '').sub(/(?=permit|deny)/, "line #{line_num} ")
    negated_rule = rule.sub(/^/, 'no ')
    all_rules << negated_rule
  end
  # Highest line numbers first: deleting a lower-numbered entry renumbers the ones after it.
  all_rules.reverse!
  puts all_rules
end
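The same transformation as a function that can be exercised offline, added here as an example and not part of dyba's gist. It keeps the gist's assumptions (first tab-separated column is "(config:N) access-list ...", a "\t0\t0" field pair marks a zero-hit rule) and goes one step further by placing "line N" before ASA's "extended" keyword and skipping entries with no permit/deny; the sample export is constructed, not a real RedSeal file.

```ruby
# Added example, not the gist's own script. Assumes the RedSeal export layout the gist
# assumes: column 1 is "(config:N) access-list ...", and "\t0\t0" marks a zero-hit rule.
def deletion_commands(export_text)
  numbered = []
  export_text.each_line do |line|
    next unless line.include?("\t0\t0")               # only rules RedSeal counted as unused
    description = line.split("\t").first.strip
    m = description.match(/\A\(config:(\d+)\)\s*/)
    next unless m                                      # header rows or entries without a line number
    line_num = m[1].to_i
    rule = description.sub(m[0], '')
    # ASA/PIX syntax: access-list NAME [line N] [extended] {permit|deny} ...
    # so the line number must go before the first of those keywords.
    negated = rule.sub(/(?=\b(?:extended|permit|deny)\b)/, "line #{line_num} ")
    next if negated == rule                            # no permit/deny found (e.g. a remark): skip
    numbered << [line_num, "no #{negated}"]
  end
  # Highest line number first: deleting a lower-numbered entry renumbers everything after it,
  # so commands pasted in ascending order would start hitting the wrong rules.
  numbered.sort_by { |n, _| -n }.map { |_, cmd| cmd }
end

# Constructed sample in the assumed export layout (hypothetical rule names and addresses).
SAMPLE_EXPORT = [
  "Rule\tHits\tBytes",
  "(config:3) access-list outside_in permit tcp any host 10.0.0.5 eq 443\t120\t9000",
  "(config:5) access-list outside_in deny ip any any\t0\t0",
  "(config:7) access-list dmz_in extended permit tcp any host 10.0.1.4 eq 22\t0\t0",
  "(config:9) access-list dmz_in remark temporary\t0\t0",
  "(config:12) access-list outside_in permit udp any host 10.0.0.9 eq 53\t0\t0",
].join("\n")

puts deletion_commands(SAMPLE_EXPORT) if $PROGRAM_NAME == __FILE__
```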